47c1a611304c0be57625c0590e06760096ad50ddde3608d77bf78bc82ec80a4d

Analysis

max time kernel
5s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
22/03/2025, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47c1a611304c0be57625c0590e06760096ad50ddde3608d77bf78bc82ec80a4d.apk
Size

12.6MB
MD5

b4274768d4b92e28c76989250f4f3850
SHA1

b904fcfba0d78879183c558cf8f3929b254fbc29
SHA256

47c1a611304c0be57625c0590e06760096ad50ddde3608d77bf78bc82ec80a4d
SHA512

c6d06d3ee47498ca850fc0f726b2558787582d8bafbda3dbab804204219a22ad46cc8ae3e47639a19bf6885e059da78d065e6a5db80e46519d688d755fe30fe6
SSDEEP

196608:NGjjVnjqOZoP1qUBOQ5P0ch+bGJpkBT+hK7VHjkf25VCYzMuNrST3pA:NCteOsqwOQqchbYDtk2vYupST3pA

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json	5051	zppqwo.rbljak.ufviut

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
12	api.ipify.org
13	api.ipify.org

zppqwo.rbljak.ufviut
1⤵
- Loads dropped Dex/Jar
PID:5051

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

Filesize
573KB

MD5
84cd763c9c3bdc5cfb4c9ac0c470cd5a

SHA1
e74e202794671675957ed40e1bedc2ac99fd23ca

SHA256
73ff46a676ff7b57dcb40082c5931d3775d8b54ffdf8dbb8240c152044f8d223

SHA512
3df941294e54bdb30cda94bb421f98a453677aa953e853b431bcafb1b293280a87c69389309fb6b8ab77c616c1cf7d1b48a6fec57c8ddd5a1276073eb67b6d30

Download Submit
/data/data/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

Filesize
573KB

MD5
0df3d77235294ccd4d489d203b4dd4bf

SHA1
0f6d0e43f91c7f2c69006af1ec5914eff6ebdb47

SHA256
ad79d44a808f4037b4b4a1173e75592d6f402997fccb60001c0d6176d3f4c38e

SHA512
5e5b4f01d003efa3b743bbd41c9a9d947e3001e9d6e7c7edcfa407690e5b398e02fdc3e1fb134d49a183ebb85e20c7a7446b4e482badb0c5e0a54b7f23ae57b5

Download Submit
/data/user/0/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

Filesize
1.2MB

MD5
c7bbab33460a4a3b2714fc4ccb8e6f64

SHA1
3db87ddc09f8580020ba2eeab2539917d3bbef69

SHA256
e34be102351a169eefa3581b564c403223ad549a4ee4ca6e60805751156495e3

SHA512
d3739b1cc4ebeef6383a878c522f8aa08ce56500c3b8e34a8ebb05b0beaabd0edb31e5ad0b1f8179b97483a455186a5051156cc7e27fc3d1746401badb5ff33c

Download Submit